Cisco Support Community

The PIX LAN-to-LAN tunnel is not established, and the pre-shared keys do not match

Core issue

If the output of the "debug crypto isakmp" command shows the "reserve not zero on payload 5!" error message, the pre-shared keys do not match.

To confirm, use the "show crypto isakmp sa" command. If the output displays "MM_Key_exchange", Phase 1 is stuck at key exchange. Possible reasons are a mismatch in the pre-shared keys or a wrong peer IP address in the crypto map entry.


For a LAN-to-LAN VPN using pre-shared keys, check the key in this command:

isakmp key ******** address no-xauth no-config-mode

Note: The pre-shared key is designated by asterisks (***).

If the keys do not match, issue this command to remove the line:

no isakmp key ******** address no-xauth no-config-mode

Re-issue the command with the correct pre-shared key.

Version history: revision 1 of 1, last update 06-22-2009 05:11 PM